allow Slice Admins to see SlicePrivileges in their slice, allow any user to be used for SlicePrivilege
diff --git a/xos/core/admin.py b/xos/core/admin.py
index 85ece13..6846dff 100644
--- a/xos/core/admin.py
+++ b/xos/core/admin.py
@@ -595,7 +595,8 @@
if db_field.name == 'slice':
kwargs['queryset'] = Slice.select_by_user(request.user)
if db_field.name == 'user':
- kwargs['queryset'] = User.select_by_user(request.user)
+ # all users are available to be granted SlicePrivilege
+ kwargs['queryset'] = User.objects.all()
return super(SlicePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
diff --git a/xos/core/models/slice.py b/xos/core/models/slice.py
index 9aaafdc..76f5041 100644
--- a/xos/core/models/slice.py
+++ b/xos/core/models/slice.py
@@ -146,7 +146,18 @@
if user.is_admin:
qs = SlicePrivilege.objects.all()
else:
+ # You can see your own SlicePrivileges
sp_ids = [sp.id for sp in SlicePrivilege.objects.filter(user=user)]
+
+ # A site pi or site admin can see the SlicePrivileges for all slices in his Site
+ for priv in SitePrivilege.objects.filter(user=user):
+ if priv.role.role in ['pi', 'admin']:
+ sp_ids.extend( [sp.id for sp in SlicePrivilege.objects.filter(slice__site = priv.site)] )
+
+ # A slice admin can see the SlicePrivileges for his Slice
+ for priv in SlicePrivilege.objects.filter(user=user, role__role="admin"):
+ sp_ids.extend( [sp.id for sp in SlicePrivilege.objects.filter(slice=priv.slice)] )
+
qs = SlicePrivilege.objects.filter(id__in=sp_ids)
return qs